Date: Sun, 05 Jul 2015 18:51:37 -0500
From: Mark Felder <feld@...d.me>
To: oss-security@...ts.openwall.com
Subject: node.js out of band write
Node has resolved a security vulnerability in their most recent release
but do not appear to have requested a CVE ID.
http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/
Node v0.12.6 (Stable)
Sat, 04 Jul 2015 02:34:23 UTC - release
This release of Node.js fixes a bug that triggers an out-of-band write
in V8's utf-8 decoder. This bug impacts all Buffer to String
conversions. This is an important security update as this bug can be
used to cause a denial of service attack.